Answer these questions to help the Community help you with Security questions.
What is the domain name? all
*Have you searched for an answer?*yes
*Please share your search results url:
When you tested your domain using the [Cloudflare Diagnostic Center] what were the results?
Describe the issue you are having:
I have a let’s encrypt ssl on my server and I am using Cloudflare dns. I have full strict. When I disable universal ssl I get the cipher mismatch error. I keep reading if I have a let’s encrypt ssl (for example) i should be able to click disable universal
No. Sure I read with using full(strict) mode I could disable universal. So does this mean there is no point getting lets encrypt SSL on my server if just using Cloudflare?
The two symbols on the diagram indicate that there are two certificates - one is your Edge certificate deployed on Cloudflare’s network, and the other is whatever you have configured at your origin.
The SSL mode setting does not change what Edge certificate is displayed, it only changes what Cloudflare does when connecting to your origin - whether it uses HTTP (Flexible) or HTTPS (Full, Full Strict, Strict) and whether it attempts to verify the certificate (Full Strict, Strict) your origin presents. If you have deployed a LetsEncrypt certificate to your origin server and you intend to keep this valid & renew it when it expires, Full Strict is the best option for you.
There must always be an SSL certificate deployed to Cloudflare’s Edge for SSL to work with Cloudflare. If you wanted to upload your own SSL certificate to us instead of the ones Cloudflare offers, you can do that as part of a Business plan.
symbols on the diagram indicate that there are two certificates - one is your Edge certificate deployed on Cloudflare’s network, and the other is whatever you have configured at your origin.